Tuesday, February 2, 2010

Fake Firefox Update Pages Push Adware

Since its’ release on January 21st, the newest version of the Firefox web browser has received a great deal of attention. In just a short time it has achieved over 30 million downloads. Adware pushers are capitalizing on the success of Firefox, packing ad serving software in with the program in an effort to increase their reach.

Purveyors of spyware and adware will try to take advantage of well known programs, illegitimately bundling their software into the install of the popular software. These programs are also commonly referred to as Potentially Unwanted Programs (PUPs) whose content is not necessarily malicious, but is almost never wanted by the user. These types of software are often used to collect information about the user without the users’ knowledge or consent.

The latest example is found on the fake Firefox download site below.  The page is cleverly disguised with the appearance of a legitimate Firefox download site and could easily fool many users hoping to upgrade. 


Taking a closer look reveals clues to the fraudulent page. While the page advertises version 3.5 the newest version is actually 3.6.  There are also misspellings such as “Anti-Pishing” in the title of the security section.

Victims of this scam install the “Hotbar” toolbar by Pinball Corp, formerly Zango.  Not only are users subject to the annoying toolbar, they're also barraged with pop-up ads and host to a new Hotbar weather application running in the system tray.


It should be noted that the owner of the fake Firefox site above is most likely not associated with Pinball Corp and only using its pay-per-install ad network for fast cash. Pay-per-install affiliate programs reward referring sites that generate installs of their programs, with Pinball paying as high as $1.45 per install. 

Always take caution installing any software and ensure the software is downloaded directly from the publisher whenever possible.  Users looking to upgrade Firefox should go to the real download site at http://getfirefox.com.

Blocking the Spyware and Malicious Sites category protects eSoft SiteFilter customers from this site and others like it.

5 comments:

Marlonguppy said...

OMG It is really there!
Thats no good for not-so experienced users!
----
Marlonguppy.nl

Ike said...

Be glad that I go with Linux and go with Swiftfox!

hoedan said...

if it's really a threat, why dont you just post the original url of the PUP Firefox ? so users could learn how to defend themselves ? or at least look into it ?

this way its just scaring people from using firefox with some screenshots with a blurred url :S

Lee Graves said...

The URL used in this example is hxxp://newfirefoxonline.com.

It's important for users to realize any web page could be created to perform this very same function.

Native New Yorker said...

Thanks for passing along this information. I hope Firefox is doing something about it.